Firewall tips.

One question comes up regularly in Linux certification forums:
Do I need to set up an iptables configuration or not?
In fact, it depends on the questions and the risk you want to take.
If there is no mention of ports in the exam and risk doesn’t frighten you, you can go for:
# iptables -F; service iptables save
Otherwise, you have to learn the ports associated with each service.
During your training sessions, you can test your configuration in your lab with a port scanner: nmap is your friend!
# yum install -y nmap
Then you can test your local port configuration (TCP and UDP) with the following command (-s selects the scan type: T for a TCP connect scan, U for a UDP scan):
# nmap -sT -sU localhost
Once you’ve got your iptables configuration set up, you can test it from another VM or from your KVM host. It’s simple with TCP ports:
# nmap -sT myvm
Things become trickier with UDP ports. If you don’t want to spend around 18 minutes to get the answer (test it if you think I’m kidding!), you have to specify the ports you want to test:
# nmap -sU -pU:53,111 myvm
It’s even possible to combine the two tests in one:
# nmap -sT -sU -pT:*,U:53,111 myvm
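The two halves of the procedure above (write rules for the ports your services need, then scan from another host and compare) can be tied together in a small script. The following is an added example, not code from the original post: it builds an iptables-restore ruleset from an allowlist of proto:port pairs, and it parses nmap scan output to flag any port that is reachable but not on the list. The allowlist (ssh, DNS, rpcbind), the host name myvm and the scan output embedded in SAMPLE_SCAN are constructed for the demo; in the lab you would pipe the real output of "nmap -sT -sU -p ... myvm" into check_scan instead.

```shell
#!/bin/sh
# Added example (not from the original post): generate an iptables ruleset
# from a service allowlist and verify an nmap scan result against that list.

# Allowlist of "proto:port" pairs. These services are an assumption for the
# demo; replace them with the ports your exam or lab actually requires.
ALLOWED="tcp:22 tcp:53 udp:53 tcp:111 udp:111"

# Constructed nmap output, as "nmap -sT -sU myvm" might print it; port 80/tcp
# is deliberately left reachable so the check has something to report.
SAMPLE_SCAN='Starting Nmap ( http://nmap.org ) at 2013-01-01 10:00 CET
Nmap scan report for myvm (192.168.122.10)
Host is up (0.00021s latency).
Not shown: 1994 closed ports
PORT    STATE         SERVICE
22/tcp  open          ssh
53/tcp  open          domain
80/tcp  open          http
53/udp  open|filtered domain
111/tcp open          rpcbind
111/udp open          rpcbind'

# Print an iptables-restore ruleset: INPUT defaults to DROP, loopback and
# established traffic are accepted, and only the allowlisted ports are opened.
gen_ruleset() {
  printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]'
  printf '%s\n' '-A INPUT -i lo -j ACCEPT'
  printf '%s\n' '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
  for entry in $1; do
    proto=${entry%%:*}   # text before the colon, e.g. tcp
    port=${entry#*:}     # text after the colon, e.g. 22
    printf '%s\n' "-A INPUT -p $proto -m $proto --dport $port -j ACCEPT"
  done
  printf '%s\n' 'COMMIT'
}

# Read nmap output on stdin and print one "proto:port" per line whose state is
# open or open|filtered (the latter is how nmap reports a silent UDP port).
open_ports() {
  awk '$1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 ~ /^open/ {
         split($1, a, "/"); print a[2] ":" a[1] }'
}

# Compare the scan (stdin) with the allowlist ($1). Returns 1 and names the
# offending ports if anything outside the list is reachable.
check_scan() {
  allow=" $1 "
  unexpected=""
  for p in $(open_ports); do
    case "$allow" in
      *" $p "*) ;;                          # expected, nothing to do
      *) unexpected="$unexpected $p" ;;     # reachable but not allowed
    esac
  done
  if [ -n "$unexpected" ]; then
    echo "unexpected open ports:$unexpected"
    return 1
  fi
  echo "scan matches allowlist"
  return 0
}

# Demo when run directly: show the ruleset, then check the constructed scan.
gen_ruleset "$ALLOWED"
if printf '%s\n' "$SAMPLE_SCAN" | check_scan "$ALLOWED"; then
  echo "firewall exposes only the expected services"
else
  echo "review the ruleset: something else is reachable"
fi
```

The generated text can be loaded with iptables-restore and then persisted with "service iptables save" (the same tool the post uses). Two caveats worth keeping in mind when reading scan results: "iptables -F" only deletes rules and leaves the chain policies in place, so it only opens everything if the policies are ACCEPT; and a UDP port that never answers shows up as open|filtered, which is also why unrestricted UDP scans are slow (Linux rate-limits the ICMP port-unreachable replies nmap waits for), hence the post's advice to name the UDP ports explicitly.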